Prolific allows the designer to download the demographic data of the participants and by integration guide with Qualtrics and Pavlovia, the prolific ids are stored in the data files. Is it ethically allowed to store the demographics of the participants, especially considering the European law on data protection and privacy?
Hi @Nirmitee , welcome to the forum. I don’t know the nuts and bolts of the European privacy laws, so perhaps someone else can comment on that. I will say though, that if you’re conducting IRB-approved research, you can ask the participants directly by informing them that you will have access to their demographic data from Prolific. I don’t believe there would be a blanket policy against this procedure, given the opportunity for informed consent.
Hey @Nirmitee, apologies for the delay in getting back to you.
Prolific is a UK-based company which complies (or is in the process of complying) with GDPR. All survey data is collected by researchers using 3rd party software - so we do not have access to this data.
We do ourselves collect personal data about participants which we use for screening, however we only ever share an anonymised version of this data with Researchers (using Prolific IDs).
Participants have consented to share the data which is eventually shared with you. However, Prolific is not the ‘data controller’, you would be responsible for ensuring that the data you download is stored in a way that is compliant with local law.
The full legalease:
Prolific is a marketplace. We don’t host studies, and we don’t provide study responses. We connect researchers with participants. There’s a little more value than that, of course (Prolific pre-screens participants for suitability and quality, makes sure funds are available to pay participants before listing studies, and handles payments on behalf of researchers, for example), but fundamentally we’re a marketplace rather than a vendor.
That has several consequences. One is that Prolific will never handle (or even see) the contents of study submissions. That makes life much easier for academic researchers as it conserves the confidentiality and independence of the study and means they don’t need to account for the involvement of a third actor when seeking ethics approvals. It also vastly simplifies data flows from a data protection perspective – because all studies take place off-platform, Prolific never processes any personal data generated in the performance of a study. It follows that the research institution is data controller of any participant personal data it receives in connection with a study. It would be impossible for Prolific to be a controller (or even processor) of that data because we never process it. Typically, most studies are anonymised and will not involve the collection of personal data but where personal data is collected, it is the researcher’s responsibility to ensure a privacy notice is included in the study documentation and that they otherwise comply with any local laws applicable to data protection.
All of the detail associated with any user’s account (whether participants or researchers) is personal data of which Prolific is a controller, as we process it for our own business purposes (primarily the purposes of offering our platform services to users concerned).